On Fri, Mar 28, 2025 at 12:44:47AM +0200, Peter Pentchev wrote:
> On Thu, Mar 27, 2025 at 10:46:23PM +0100, Bill Allombert wrote:
> > On Thu, Mar 27, 2025 at 11:22:50PM +0200, Peter Pentchev wrote:
> > > > I am among the people who have moved towards the Sequoia family of
> > > > cryptographic tool
0:00:00 2001
From: Peter Pentchev
Date: Fri, 28 Mar 2025 00:39:48 +0200
Subject: [PATCH] Also support sqop, rsop, and gosop for OpenPGP encryption
---
debian/cron.daily | 64 ++-
1 file changed, 58 insertions(+), 6 deletions(-)
diff --git a/debian/cr
On Thu, Mar 27, 2025 at 11:22:50PM +0200, Peter Pentchev wrote:
> > I am among the people who have moved towards the Sequoia family of
> > cryptographic tools; in particular, sqop (a Sequoia implementation of
> > the SOP command-line interface) seems to work:
> >
> > [roam@straylight ~]$ echo
On Thu, Mar 27, 2025 at 08:46:53PM +0100, Simon Josefsson wrote:
> Bill Allombert writes:
>
> > Dear Debian developers,
> >
> > popularity-contest relies on /usr/bin/gpg for encrypting files.
> > (it cannot use gpgv which does not provide encryption).
>
On Thu, Mar 27, 2025 at 11:05:11PM +0200, Peter Pentchev wrote:
> On Thu, Mar 27, 2025 at 07:45:12PM +0100, Bill Allombert wrote:
> > Dear Debian developers,
> >
> > popularity-contest relies on /usr/bin/gpg for encrypting files.
> > (it cannot use gpgv which
On Thu, Mar 27, 2025 at 07:45:12PM +0100, Bill Allombert wrote:
> Dear Debian developers,
>
> popularity-contest relies on /usr/bin/gpg for encrypting files.
> (it cannot use gpgv which does not provide encryption).
>
> By design popularity-contest needs to have as
Jeremy Stanley writes:
> On 2025-03-27 20:57:52 +0100 (+0100), Petter Reinholdtsen wrote:
>> [Simon Josefsson]
>> > Why does it need to encrypt data?
>>
>> To protect the users' privacy.
>>
>> > Can't we just send telemetry over https like everyone else?
>>
>> Not all popcon submissions go over ht
On 2025-03-27 20:57:52 +0100 (+0100), Petter Reinholdtsen wrote:
[Simon Josefsson]
> Why does it need to encrypt data?
To protect the users' privacy.
> Can't we just send telemetry over https like everyone else?
Not all popcon submissions go over https, the fallback mechanism is
SMTP.
Also,
Bill Allombert writes:
> Dear Debian developers,
>
> popularity-contest relies on /usr/bin/gpg for encrypting files.
> (it cannot use gpgv which does not provide encryption).
Why does it need to encrypt data?
Can't we just send telemetry over https like everyone else?
F
[Simon Josefsson]
> Why does it need to encrypt data?
To protect the users' privacy.
> Can't we just send telemetry over https like everyone else?
Not all popcon submissions go over https, the fallback mechanism is
SMTP.
--
Happy hacking
Petter Reinholdtsen
Dear Debian developers,
popularity-contest relies on /usr/bin/gpg for encrypting files.
(it cannot use gpgv which does not provide encryption).
By design popularity-contest needs to have as few non-essential
dependencies as possible because this skews the result.
It used to be the case that
On Fri, Dec 16, 2022 at 01:22:30AM +0100, Juri Grabowski wrote:
> Qubes is not really an RPM distribution as far as I know.
It is: Qubes' dom0 is based on Fedora.
(and then you can install (almost) any other distro in domU, not
just linux however, but also BSDs, Mirage, Windows or something else.)
Hi!
On Thu, Dec 15, 2022 at 03:12:21PM +0100, Guillem Jover wrote:
> The project name talks about gpg keys, but those are really OpenPGP
> keys (or even better, certificates). I've asked upstream to rename the
> project to avoid this common confusion. So you might want to wait
Hello,
On Thu, Dec 15, 2022 at 08:15:37AM +0100, Adam Borowski wrote:
> These are all RPM distributions, which is definitely not what one would
> expect in our context. At the very least the short desc would need to
> mention that, and I'd recommend having that in the name as well.
Thank you for
On Thu, Dec 15, 2022 at 03:12:21PM +0100, Guillem Jover wrote:
> On Wed, 2022-12-14 at 15:27:18 +0100, Juri Grabowski wrote:
> > * Package name: distribution-gpg-keys
> > Upstream Author : Miroslav Suchý
> > * URL : https://github.com/xsuchy/
Hi!
On Wed, 2022-12-14 at 15:27:18 +0100, Juri Grabowski wrote:
> Package: wnpp
> Version: 1.79
> Severity: wishlist
> Owner: Juri Grabowski
> X-Debbugs-Cc: debian-devel@lists.debian.org, deb...@jugra.de
> * Package name : distribution-gpg-keys
> Version : 1.7.
On Wed, Dec 14, 2022 at 03:27:18PM +0100, Juri Grabowski wrote:
> * Package name: distribution-gpg-keys
> Upstream Author : Miroslav Suchý
> * URL : https://github.com/xsuchy/distribution-gpg-keys/
> Description : GPG keys by various Linux distributions
Package: wnpp
Version: 1.79
Severity: wishlist
Owner: Juri Grabowski
X-Debbugs-Cc: debian-devel@lists.debian.org, deb...@jugra.de
* Package name: distribution-gpg-keys
Version : 1.7.9
Upstream Author : Miroslav Suchý
* URL : https://github.com/xsuchy/distribution-gpg
* License : GPL
Programming Lang: None (data only)
Description : GPG keys for the Mobian package repository
Mobian is a Debian blend targeting mobile devices, such as phones and tablets.
This package provides the GnuPG public key(s) used to sign the Mobian package
repository, as
On Sb, 20 apr 19, 21:18:13, Sharon Dvir wrote:
> Package: wnpp
> Owner: Sharon Dvir
> Severity: wishlist
>
> (resending as I didn't get a bug nr)
Hi Sharon,
You must send the message to sub...@bugs.debian.org and add the
pseudo-header X-Debbugs-CC: debian-devel@lists.debian.org.
Hope this he
++
Description : Use gpg keys to login with an OTP.
A PAM module that enables PAM to authenticate a user using a GPG key-
pair.
The module will present a challenge to the user, encrypted using his
public key.
User is then required to use his private key to decrypt,
extract the correct response and
On Thu, 9 Aug 2018 19:27:40 +, Holger Wansing
wrote:
>I am unable to clearsign a file with gpg, always getting
>permission denied errors.
>However it does not tell me which is the file where permissions
>are missing.
>I checked all files I am aware of:
>- the file to sign
On Thu, 09 Aug 2018 at 23:58:22 +0200, Holger Wansing wrote:
> Yes! That was exactly the problem: using gpg inside of su -.
Note that if you are trying to protect your key material from a
possibly-compromised main user account, switching from the main account
to the keyring account wi
Hi,
"W. Martin Borgert" wrote:
> On 2018-08-09 19:27, Holger Wansing wrote:
> > I am unable to clearsign a file with gpg, always getting
> > permission denied errors.
>
> Maybe https://bugs.debian.org/836772 or similar?
Yes! That was exactly the problem: u
On 2018-08-09 19:27, Holger Wansing wrote:
> I am unable to clearsign a file with gpg, always getting
> permission denied errors.
Maybe https://bugs.debian.org/836772 or similar?
Hi,
I am unable to clearsign a file with gpg, always getting
permission denied errors.
However it does not tell me which is the file where permissions
are missing.
I checked all files I am aware of:
- the file to sign,
- all files in .gnupg and the .gnupg dir itself,
They are all fine.
How can
Room application for generating and storing
offline GPG keys
The PGP Clean Room is a newt-based application designed to make generating and
storing
GPG keys offline simpler and easier.
This is the result of my GSoC 2018 project:
https://wiki.debian.org/JacobAdams/PGPCleanRoomLiveCD
Thanks
Package: wnpp
Severity: wishlist
Owner: la...@debian.org
X-Debbugs-CC: debian-devel@lists.debian.org
* Package name: gpg-encrypted-root
Version : 0~20170708+git980a0488-1
Upstream Author : Erik Nellessen
* URL : https://github.com/eriknellessen/gpg-encrypted-root
: GPL-3
> Programming Lang: Shell
> Description : Wrapper tool to easily manage and use keys with GPG
>
> Easy GnuPG (egpg) is a wrapper script that tries to simplify the process of
> using GnuPG. In order to make things easier, it is opinionated about the
> "
and use keys with GPG
Easy GnuPG (egpg) is a wrapper script that tries to simplify the process of
using GnuPG. In order to make things easier, it is opinionated about the
"right" way to use GnuPG.
It helps manage (e.g. generate, revoke...) the keys as well as use them
to verify, sign a
Package: wnpp
Severity: wishlist
Owner: Mike Ingle
* Package name: confidantmail
Version : 0.41
Upstream Author : Mike Ingle
* URL : https://www.confidantmail.org/
* License : GPL
Programming Lang: Python 2.7
Description : Secure GPG-based non-SMTP
Howdy all,
I have uploaded to ‘experimental’ a pre-release of the GnuPG changes in
Dput. The version is dput “0.11.0~3”.
If your packaging workflow has unusual signing practices, or an unusual
GnuPG configuration, your help will be especially valuable to test this
change.
In particular I am see
On Fri, 14 Oct 2016 21:47, d...@fifthhorseman.net said:
>> In a new temp directory do:
>>
>> GNUPGHOME=$(pwd) gpg-agent --daemon gpg .
>>
>> Or whatever you want to run under gpg-agent's control. This has been
>> there for ages.
>
> fwiw, this
On Tue 2016-10-18 07:44:43 -0400, Ian Jackson wrote:
> Daniel Kahn Gillmor writes ("Re: [pkg-gnupg-maint] Bug#840669: Bug#840669:
> Beware of leftover gpg-agent processes"):
>> On Sat 2016-10-15 11:21:29 -0400, Ian Jackson wrote:
>> > 1. gnupg1-compatible authorisa
Ben Finney writes:
> I am preparing a new version of ‘dput’ that stops using ‘/usr/bin/gpg’,
> and instead uses the GPGME library for GnuPG operations.
> […]
> If your packaging workflow has unusual signing practices, or an unusual
> GnuPG configuration, your help will be especia
Daniel Kahn Gillmor writes ("Re: [pkg-gnupg-maint] Bug#840669: Bug#840669:
Beware of leftover gpg-agent processes"):
> On Sat 2016-10-15 11:21:29 -0400, Ian Jackson wrote:
> > 1. gnupg1-compatible authorisation lifetime:
>
> I believe this is a deliberate change in se
On Sat 2016-10-15 11:21:29 -0400, Ian Jackson wrote:
> 1. gnupg1-compatible authorisation lifetime:
I believe this is a deliberate change in semantics from the upstream
GnuPG project. In particular, authorization for the use of secret key
material is now the responsibility of the gpg-ag
Howdy all,
I am preparing a new version of ‘dput’ that stops using ‘/usr/bin/gpg’,
and instead uses the GPGME library for GnuPG operations.
Currently, as of ‘dput’ version 0.10, GnuPG operations are done by
invoking the ‘/usr/bin/gpg’ command in a subprocess. This is fragile in
several ways
Lots of this discussion has been focusing on the test suite process
leak problem. But there are actually three separate use cases which
need something along the lines of my proposal; two of which are
regressions from gnupg1.
1. gnupg1-compatible authorisation lifetime:
Command line use of gpg
an autostarted agent (and the corresponding
> > authorisations, if the user types in a passphrase) have a lifetime
> > limited by that of the gpg process which started the agent.
>
> fwiw, i'm not the person who needs persuading. Ian's proposal is rather
> complex, s
On Fri, 14 Oct 2016 19:17, ijack...@chiark.greenend.org.uk said:
> authorisations, if the user types in a passphrase) have a lifetime
> limited by that of the gpg process which started the agent.
In a new temp directory do:
GNUPGHOME=$(pwd) gpg-agent --daemon gpg .
Or whatever you w
On Fri 2016-10-14 15:18:40 -0400, Werner Koch wrote:
> On Fri, 14 Oct 2016 19:17, ijack...@chiark.greenend.org.uk said:
>
>> authorisations, if the user types in a passphrase) have a lifetime
>> limited by that of the gpg process which started the agent.
>
> In
t suite had a cleanup process, we know exactly how to "un-break"
things.
> I am trying to persuade Daniel that we should provide (at least
> optionally) a mode where an autostarted agent (and the corresponding
> authorisations, if the user types in a passphrase) have a lifetime
Ian Jackson writes ("Beware of leftover gpg-agent processes (was: Re: Changes
for GnuPG in debian)"):
> Johannes Schauer writes ("Beware of leftover gpg-agent processes (was: Re:
> Changes for GnuPG in debian)"):
>
> > Quoting Daniel Kahn Gillmor (2016-08
[Please CC Johannes Thomas Nix on replies; he's not subscribed.]
* Johannes Thomas Nix , 2016-08-11, 09:16:
Found on Reddit a mention of the debian-devel thread about finding GPG
key collisions for developer keys.
Why I write, a while ago I thought about these issues of key
verification
On Sat, Aug 06, 2016 at 12:56:58PM -0400, Daniel Kahn Gillmor wrote:
> ouch! please do file this as a distinct bug report, it's something i
> haven't run into myself and i'd like to track it down.
Done, that's #833596.
Cheers.
--
Stefano Zacchiroli . . . . . . . z...@upsilon.cc . . . . o . .
On Sat 2016-08-06 06:32:39 -0400, Stefano Zacchiroli wrote:
>> >> systemctl --user enable gpg-agent
>> >> systemctl --user enable dirmngr
>
> OTOH, doing this inhibited a proper start of my GNOME session at next
> login: only Nautilus started (I can tell be
; passphrase caching and smartcard management are useful features.
>
> I noticed after upgrading gnupg to experimental and monkeysphere to
> unstable, monkeysphere now has gpg-agent processes running as root:
>
> $ pgrep -a gpg | grep -i monk
> 27043 gpg-agent --homedir /var/lib/monkeys
On Sat, 6 Aug 2016 08:24, p...@debian.org said:
> BTW, does this make parcimonie obsolete? I noticed that dirmngr
We plan to add similar functionality to dirmngr but that has not yet
been done and I am not sure whether we will have it for 2.2.
Shalom-Salam,
Werner
--
Die Gedanken sind fr
ems (where i'd expect the majority of secret key access
> >> happens), for folks who are running systemd, i recommend enabling the
> >> systemd user services, as documented in
> >> /usr/share/doc/{gnupg-agent,dirmngr}/README.Debian :
> >>
> >> systemctl --u
ced after upgrading gnupg to experimental and monkeysphere to
unstable, monkeysphere now has gpg-agent processes running as root:
$ pgrep -a gpg | grep -i monk
27043 gpg-agent --homedir /var/lib/monkeysphere/authentication/core
--use-standard-socket --daemon
27061 gpg-agent --homedir /var/lib/mon
On Fri, Aug 05, 2016 at 04:02:07PM -0400, Daniel Kahn Gillmor wrote:
> My long-term goal is to have these things Just Work without *any*
> explicit user intervention.
>
> That is, i want: "If the package is installed, it should work for you."
> and not: "oh, if you want things to actually work, ju
On Fri 2016-08-05 15:03:29 -0400, Peter Colberg wrote:
> On Fri, Aug 05, 2016 at 01:51:07PM -0400, Daniel Kahn Gillmor wrote:
>> I don't think there's any need to add no-autostart in this case. in
>> particular, the daemon will already be running, so any consideration of
>> autostart will just det
On Fri, Aug 05, 2016 at 01:51:07PM -0400, Daniel Kahn Gillmor wrote:
> I don't think there's any need to add no-autostart in this case. in
> particular, the daemon will already be running, so any consideration of
> autostart will just detect and make use of the already-running daemon.
This is pre
the
>> systemd user services, as documented in
>> /usr/share/doc/{gnupg-agent,dirmngr}/README.Debian :
>>
>> systemctl --user enable gpg-agent
>> systemctl --user enable dirmngr
>
> Thanks for the tip. Do you know if this is needed also for GNOME (or
> other
upg-agent,dirmngr}/README.Debian :
>
> systemctl --user enable gpg-agent
> systemctl --user enable dirmngr
Thanks for the tip. Do you know if this is needed also for GNOME (or
other FreeDesktop) session users? Within GNOME, on Debian testing, I see
that my running gpg-agent process is a
> systemd user services, as documented in
>> /usr/share/doc/{gnupg-agent,dirmngr}/README.Debian :
>>
>> systemctl --user enable gpg-agent
>> systemctl --user enable dirmngr
>
> In this case one should also add
>
> no-autostart
>
> to ~/.gnupg/gpg
upg-agent,dirmngr}/README.Debian :
>
> systemctl --user enable gpg-agent
> systemctl --user enable dirmngr
In this case one should also add
no-autostart
to ~/.gnupg/gpg.conf (or ~/.gnupg/gpg.conf-2 when using gpg1 in parallel).
Peter
Ian Jackson writes:
> Johannes Schauer writes ("Beware of leftover gpg-agent processes (was: Re:
> Changes for GnuPG in debian)"):
>
>> Quoting Daniel Kahn Gillmor (2016-08-04 18:29:03)
>> > One of the main differences is that all access to your secret key
>
t isn't
a huge deal, because I do run an agent in the background anyway (and
know of it), but I also have some scripts that call gpg internally
with different GPGHOME (luckily at the moment still gpg1) and I would
really not have expected the gpg calls to start an agent in the
background.
Regards,
Christian
Johannes Schauer writes ("Beware of leftover gpg-agent processes (was: Re:
Changes for GnuPG in debian)"):
> Quoting Daniel Kahn Gillmor (2016-08-04 18:29:03)
> > One of the main differences is that all access to your secret key
> > will be handled through g
Hi,
Quoting Daniel Kahn Gillmor (2016-08-04 18:29:03)
> One of the main differences is that all access to your secret key will be
> handled through gpg-agent, which should be automatically launched as needed.
it might be important to note that gpg launching this gpg-agent process is not
op
On Fri, Jul 08, 2016 at 02:54:20PM +0200, Enrico Zini wrote:
> What if you received a message signed with key 9F6C6333?
>
> That is, what do you do (please list the practical steps) to validate a
> signature that is a few steps away from your key in the WoT?
trust in the real world depends on more
Hi Enrico,
On Fri, 08 Jul 2016 at 11:21:27 +0200, Enrico Zini wrote:
> gpg --verify tells me of a short key ID:
In fact the issuer subpacket is 8-bytes long [0], hence contains the
long key ID of the signer, as seen using ‘--list-packets’:
~$ gpg --list-packets "
imported
* Simon Richter , 2016-07-08, 14:33:
given that it is now possible to generate arbitrary short key ID
collisions[1], and that it's now computationally feasible to at least
generate a pair of keys with colliding long key IDs, I'd like to
rethink practices and tools.
With the web of trust, in p
hat if you received a message signed with key 9F6C6333?
That is, what do you do (please list the practical steps) to validate a
signature that is a few steps away from your key in the WoT?
Enrico
--
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini
Hi Enrico,
On 08.07.2016 11:21, Enrico Zini wrote:
> given that it is now possible to generate arbitrary short key ID
> collisions[1], and that it's now computationally feasible to at least
> generate a pair of keys with colliding long key IDs, I'd like to rethink
> practices and tools.
With the
* Enrico Zini , 2016-07-08, 11:21:
$ mkdir /tmp/keyring
$ chmod 0700 /tmp/keyring
This way of creating a directory inaccessible to others is racy. Between
mkdir and chmod calls, the directory could be opened by an attacker (and
then kept open forever). A non-racy way looks like this:
$ mkd
cument it, then automate
it", I'd like to begin with a simple use case:
So I received a gpg-signed email, can I trust it?
I'll write here my take on it and request your comments on it, to see if
there are any gaps.
Take for example this file, and an empty keyring:
$ mkdir /t
Package: wnpp
Severity: wishlist
Owner: "Paulo Roberto Alves de Oliveira (aka kretcheu)"
* Package name : pidgin-gpg
Version : 0.9
Upstream Author : Alexander.Murauer.
* URL : https://github.com/segler-alex/Pidgin-GPG
* License : GPL-3
Programmi
On 2014-06-17 05:45, Matthias Urlichs wrote:
> Christian Kastner:
>> While that is sadly true, AFAIK all those legislations still require at
>> least good cause, but more usually a court order, to do so.
>>
> You have no legal protection whatsoever on the "international" side of many
> countries' a
Norbert Preining writes:
> So while I consider it great that the judges in the case you mentioned
> have decided in this way, I don't think this is the *norm* and we -
> those travelling to the US - have to be aware of that.
Well, the norm is that your electronics aren't searched at all. Becaus
i border, etc etc ...
Norbert
PREINING, Norbert http://www.preining.info
JAIST, Japan TeX Live & Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
---
Excerpts from Norbert Preining's message of 2014-06-16 20:49:26 -0700:
> On Tue, 17 Jun 2014, Matthias Urlichs wrote:
> > > While that is sadly true, AFAIK all those legislations still require at
> > > least good cause, but more usually a court order, to do so.
> > >
> > You have no legal protecti
mmend *never*
entering the US.
Norbert
PREINING, Norbert http://www.preining.info
JAIST, Japan TeX Live & Debian Developer
GPG: 0x860CDC13 fp: F7D8 A9
Hi,
Christian Kastner:
> While that is sadly true, AFAIK all those legislations still require at
> least good cause, but more usually a court order, to do so.
>
You have no legal protection whatsoever on the "international" side of many
countries' airports (sea ports, too, for that matter).
If a
On Mon, 2014-06-16 at 12:01 +, Thorsten Glaser wrote:
> You completely miss http://xkcd.com/538/ and the fact that some
> legislations may require you, with jail penalty, to hand over
> any encryption keys, passwords, etc. you have with you when
> inside their territory.
Quoting the man page:
On 2014-06-16 14:01, Thorsten Glaser wrote:
> Russell Stuart debian.org> writes:
>
>> messages. One of the reasons raised for not doing it is some felt
>> uncomfortable carrying around their GPG keys when travelling.
>>
>> My initial reaction was "that
Russell Stuart debian.org> writes:
> messages. One of the reasons raised for not doing it is some felt
> uncomfortable carrying around their GPG keys when travelling.
>
> My initial reaction was "that's being overly cautious" particularly
> given there signi
There was a thread on d-private in early March about the benefits and
downsides to requiring every DD and aspiring DD to sign their
messages. One of the reasons raised for not doing it is some felt
uncomfortable carrying around their GPG keys when travelling.
My initial reaction was "t
here it will not exist.
$ strace gpgv foo.sign 2>&1 | grep ^open.*gpg
open("/home/timo/.gnupg/trustedkeys.gpg", O_RDONLY) = 3
open("/home/timo/.gnupg/trustedkeys.gpg", O_RDONLY) = 5
$ strace gpgv --keyring pubring.gpg foo.sign 2>&1 | grep ^open.*gpg
open("/home/ti
[Timo Juhani Lindfors]
> Peter Samuelson writes:
> > Note that this adds a keyring to the current list. If the intent
> > is to use the specified keyring alone, use --keyring along with
> > --no-default-keyring.
>
> You probably read "man gpg" bu
Peter Samuelson writes:
> Note that this adds a keyring to the current list. If the intent
> is to use the specified keyring alone, use --keyring along with
> --no-default-keyring.
You probably read "man gpg" but gpgv is simpler:
gpgv: Invalid option "--no-d
[Timo Juhani Lindfors]
> Is
>
> /usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig
> chmod a+x file
> ./file
>
> still a safe way to ensure that only code signed by a key in trusted.gpg
> gets executed?
From the manpage:
Note that this adds a keyring to the current l
* Ansgar Burchardt [121214 16:18]:
> 2, Not asking gpg to verify signatures:
>
> I also found packages that call gpg in the form "gpg $file" and expect
> gpg to verify the signature on $file and output the signed data. Indeed
> it does so for *signed* files, but if you j
Ansgar Burchardt writes:
> I recently looked at several packages using gpg to verify signatures
Thanks for your work! Please try to raise this upstream so that they can
provide proper interfaces.
Is
/usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig
chmod a+x file
./f
Hi,
I recently looked at several packages using gpg to verify signatures and
found ways to circumvent the signature check, see [1] for a few bug
reports demonstrating this.
[1]
<http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=gpg-clearsign;users=ans...@debian.org>
So far I have fou
Package: wnpp
Severity: wishlist
Owner: tony mancill
* Package name: gpg-remailer
Version : 2.53.0
Upstream Author : Frank Brokken
* URL : https://www.icce.rug.nl/debian/remailer
* License : GPLv3
Programming Lang: C++
Description : GnuPG-enabled
dear all,
sorry, I had completely forgotten that the debdelta signing key was to
expire on 20th August; I have issued a new one; to import it, save it
from attachment and issue, as root
# gpg --home /etc/debdelta/gnupg/ --import 2012_signed.key
I will upload a new 'debdelta' package
.
>
> Now I've created a new 4096 GPG key, I've specified also my second name (I
> thought that is more correct), my doubt regards this. Maybe it's a problem
> asking for a replacement of my old key? It's better if I recreate a key
> without my second name?
>
ly my first and last name, my doubt is related to my
>second
>name. I use it only on official/bureaucratic documents.
>
>Now I've created a new 4096 GPG key, I've specified also my second name
>(I
>thought that is more correct), my doubt regards this. Maybe it's a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi David,
On 06.05.2011 22:45, David Bruce wrote:
> I'd
> like to get my gpg key signed by some more Debian developers to build
> up the web of trust.
You might want to check [1] for DDs coming closest to your location and
offering
Hi,
I hope this topic is acceptable for this list. I'm upstream for two
packages in Debian (tuxmath and tuxtype), and I've started gpg-signing
the releases, which I think Debian considers highly desirable. I'd
like to get my gpg key signed by some more Debian developers to buil
On Thu, Apr 07, 2011 at 10:26:10AM -0700, Jonathan McDowell wrote:
> It's not entirely accurate. The point of those lines are to ensure that
> older (certainly lenny and earlier, I'm not sure when the default
> changed) versions of GnuPG don't use SHA1 when signing keys (either your
> own or others
On Wed, Apr 06, 2011 at 12:15:49PM +0200, Vincent Caron wrote:
> On Wed, 2011-04-06 at 01:09 +, brian m. carlson wrote:
> > On Tue, Apr 05, 2011 at 05:15:15PM +0200, Vincent Caron wrote:
> > > 2/ It is suggested to update gnupg.conf with:
> > >
> > > personal-digest-preferences SHA256
> >
On Wed, Apr 06, 2011 at 12:15:49PM +0200, Vincent Caron wrote:
>That's a nice explanation that would fit on
> http://keyring.debian.org/creating-key.html
If someone would like to put it up there, he or she should feel free to
do so.
> Thanks for your help.
Sure.
--
brian m. carlson / bri
On Wed, 2011-04-06 at 01:09 +, brian m. carlson wrote:
> On Tue, Apr 05, 2011 at 05:15:15PM +0200, Vincent Caron wrote:
> > 2/ It is suggested to update gnupg.conf with:
> >
> > personal-digest-preferences SHA256
> > cert-digest-algo SHA256
> > default-preference-list SHA512 SHA384 SHA
On Tue, Apr 05, 2011 at 05:15:15PM +0200, Vincent Caron wrote:
> 2/ It is suggested to update gnupg.conf with:
>
> personal-digest-preferences SHA256
> cert-digest-algo SHA256
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5
> ZLIB BZIP2 ZIP Uncompressed
>
>